Proposal for a design for signed kernel/modules/etc

Peter Pentchev roam at ringlet.net
Wed Mar 29 12:16:18 UTC 2017


On Mon, Mar 27, 2017 at 01:54:44PM -0400, Eric McCorkle wrote:
> Hello everyone,
> 
> The following is a design proposal for signed kernel and kernel module
> loading, both at boot- and runtime (with the possibility open for signed
> executables and libraries if someone wanted to go that route).  I'm
> interested in feedback on the idea before I start actually writing code
> for it.
> 
> == Goals ==
> 
[snip]
> 
> == Non-Goals ==
> 
[snip]
> 
> == Existing Solution(s) ==
> 
[snip]
> While functional, this design doesn't meet the goals I outlined:
> 
[snip]
> * Finally, the gnupg signature format doesn't actually seem to be
> documented anywhere, or at least not anywhere that doesn't require a lot
> of digging...

Erm, actually, the so-called "gnupg signature format", better known as
"the OpenPGP signature format", is pretty well documented in RFC 4880.
Note that this remark has no bearing on any of your other arguments, or
on your work as a whole; I just wanted to clarify this particular point :)

G'luck,
Peter

-- 
Peter Pentchev  roam at ringlet.net roam at FreeBSD.org pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13